Q about azure native KeyVault amp Certificates I ve created Pulumi Community #azure

Q about azure-native: KeyVault & Certificates....

chilly-analyst-14900

09/07/2022, 8:01 PM

Q about azure-native: KeyVault & Certificates. I’ve created a cert in a KeyVault, which I can fetch via

GetSecret.Invoke()

. But I don’t see any function to retrieve the Certificate (I need the thumbprint, for example. Any ideas?

chilly-analyst-14900

09/07/2022, 8:03 PM

I can get it by running

az keyvault certificate show --vault <vault> -n <certName> --query "x509ThumbprintHex" -o tsv

chilly-analyst-14900

09/07/2022, 8:04 PM

what would be the easiest way to do the same in Pulumi?

chilly-analyst-14900

09/07/2022, 8:11 PM

Oo, just found

Pulumi.Command

had a stdout. Resolves my issue.

Copy code

var getThumb = new Command("getThumb", new CommandArgs
{
    Create = "az keyvault certificate show --vault $VAULT -n $NAME --query \"x509ThumbprintHex\" -o tsv",
    Environment =
    {
        { "NAME", certName },
        { "VAULT", vault.Name },
    },
});

melodic-tomato-39005

09/08/2022, 6:35 PM

Retrieving the values of secrets, including certs, is not available through Pulumi since this is a data-plane operation. See this (pretty hidden) note on https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/getsecret/#secretpropertiesresponse:

Users should use the data-plane REST service for interaction with vault secrets.

Glad you found another way. Using the Azure SDK would be another one.

👍 2

chilly-analyst-14900

09/12/2022, 5:50 PM

Makes sense. And thanks for the tip on Azure SDK — I guess that makes a lot more sense that parsing stdout 😄

5 Views

Open in Slack

Previous Next